I want to secure a Docker image based on php-apache.
My Dockerfile uses a bash script as entrypoint where the minimum rights are given to the www-data user to run apache. The rights are given with setfacl, and setfacl rules are not persisted in the docker image; they need to be created at boot time (correct me if I'm wrong). At the end, the entrypoint launches apache2.
My issue is: the entrypoint needs to be launched as root (for setfacl). But I configured the whole image so I can launch apache2 as www-data for maximum security. How can I solve this?
Dockerfile looks like:
```dockerfile
# A variable used in FROM must be declared with ARG before the FROM line
ARG TAG_SIAM_PHP
FROM php:${TAG_SIAM_PHP}
...
EXPOSE 80
EXPOSE 443
USER www-data
ENTRYPOINT ["bash", "/docker-entrypoint.sh"]
```
Thanks!
I thought about launching the entrypoint as root and then `su - www-data -c apache2`... But for security reasons www-data is a non-login user, so that does not work.
I thought about changing USER in the Dockerfile between ENTRYPOINT and CMD, but I think that does not work...
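One common pattern for this situation, as an added example that is not the poster's script: leave the `USER www-data` line out of the Dockerfile so the container starts as root, do the root-only `setfacl` work in the entrypoint, and then `exec` apache2 through a privilege-dropping helper (setpriv, gosu or su-exec), none of which needs www-data to have a login shell. It assumes a `php:<tag>-apache` base image (which provides `apache2-foreground`) and that the web content lives under `/var/www/html`.

```bash
#!/usr/bin/env bash
# Added example entrypoint (not the poster's script). It starts as root, applies
# the ACLs, then replaces itself with apache2 running as www-data.
# Assumptions: image is php:<tag>-apache (provides apache2-foreground), the files
# the web user needs live under /var/www/html, and the Dockerfile has no
# "USER www-data" line, so the container starts as root and drops privileges here.
set -eu

APP_USER="${APP_USER:-www-data}"
APP_DIR="${APP_DIR:-/var/www/html}"

# Print the command prefix that runs the rest of the line as user $1. None of
# these needs a login shell, so a "nologin" www-data account is fine. setpriv is
# part of util-linux on the Debian-based php images; gosu/su-exec are add-ons.
privdrop_cmd() {
  user="$1"
  if command -v setpriv >/dev/null 2>&1; then
    echo "setpriv --reuid=${user} --regid=${user} --init-groups"
  elif command -v gosu >/dev/null 2>&1; then
    echo "gosu ${user}"
  elif command -v su-exec >/dev/null 2>&1; then
    echo "su-exec ${user}"
  else
    # Last resort: su with an explicit shell, which bypasses the nologin shell.
    # su then stays as PID 1, so signals are not forwarded as cleanly.
    echo "su -s /bin/sh ${user} -c"
  fi
}

# Root-only setup. This ACL gives the web user read/traverse only; widen it per
# directory (e.g. an uploads directory) rather than globally.
apply_acls() {
  setfacl -R -m "u:${1}:rX" "$2"
}

main() {
  if [ "$(id -u)" -ne 0 ]; then
    echo "docker-entrypoint.sh must start as root to apply ACLs" >&2
    exit 1
  fi
  apply_acls "$APP_USER" "$APP_DIR"
  # exec replaces bash, so apache2 becomes PID 1 and receives docker stop's signal.
  # shellcheck disable=SC2046  (word splitting of the prefix is intended)
  exec $(privdrop_cmd "$APP_USER") apache2-foreground
}

# Run main only when installed under the entrypoint name; under any other name
# (or when sourced) the file just defines the functions, which is how they are tested.
case "${0##*/}" in docker-entrypoint.sh) main "$@" ;; esac
```

With this in place the Dockerfile keeps `ENTRYPOINT ["bash", "/docker-entrypoint.sh"]` but drops the `USER www-data` line; `ps` inside the running container should then show apache2 owned by www-data while the ACL step still ran as root.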